
I'm trying to make it so that after they connect to your AP and you get the WPA passphrase, you then cancel the connection, mimic the real AP with WPA, and then forward the clients' traffic to the real AP.
I have tried this
ifconfig rausb0 0.0.0.0
ifconfig eth0 0.0.0.0

on my softAP and can still surf the net, and on the target client I can sometimes ping Google, but the computer doesn't display the web page.
I am using ad-hoc between the target client and the softAP; no encryption is used.

Why isn't the target client able to browse the internet, and if it's DNS (ping goes through), why does ping work but DNS doesn't?

What a brilliant way of approach. You guys are pretty impressive. Truly out-of-the-box thinking :b.
If one could combine the evilgrade Java update with a WPA-stealing payload, a phishing website which all DNS lookups point to on the rogue AP
which asks for the WPA key, and at the same time spam deauthentication packets to the genuine AP, the WPA key will be easily attained
in a matter of time. I wish I could help but programming (C) is still very new to me.

Compaq, I like your thoughts on forwarding the traffic, but I think a better approach would be to create a method by which the rogue AP performs
an ifconfig wlan0 down once the key is attained and verified on the real AP, because I doubt the forwarding will be stable enough.

But before evilgrade can be implemented in the attack, the Java part of it has to be fixed. ShadowKill was going to take a look at it but I don't think he has
accomplished anything yet. Try taking a look at this thread: http://forums.remote-exploit.org/showthread.php?t=17752.
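The post above describes a rogue AP whose DNS answers every lookup with the address of one phishing page. That setup leaves a simple fingerprint a client can check for before trusting a network: several unrelated hostnames all resolving to a single address. The script below is an added example, not code from this thread or from the evilgrade or karmetasploit projects; the canary hostnames and the addresses in the samples are constructed (documentation ranges), and the live helper that queries the system resolver is an assumption about how you would gather real data.

```python
"""Client-side check for a DNS sinkhole on an untrusted network.

A rogue AP that points every DNS name at its own phishing host produces
a telltale pattern: many unrelated names resolve to one address. This
script looks for that pattern in a set of resolutions. The samples
below are constructed; collect_resolutions() is a live helper that is
not run at import time.
"""
import socket
from collections import defaultdict

# Hypothetical canary list: names with no shared hosting, so on a healthy
# network they resolve to different addresses.
CANARY_NAMES = ["example.com", "example.net", "example.org"]


def detect_sinkhole(resolutions, min_names=3):
    """resolutions: dict mapping hostname -> set of IPv4 address strings.

    Returns the suspect address if at least `min_names` distinct names
    resolve to exactly that one address, otherwise None.
    """
    names_per_ip = defaultdict(set)
    for name, addrs in resolutions.items():
        # A sinkhole answers with a single fixed address; names that
        # failed to resolve (empty set) or returned several addresses
        # do not contribute to the pattern.
        if len(addrs) == 1:
            names_per_ip[next(iter(addrs))].add(name)
    for ip, names in names_per_ip.items():
        if len(names) >= min_names:
            return ip
    return None


def collect_resolutions(names):
    """Live helper: resolve each name with the system resolver (on a rogue
    AP that is the AP's own DNS). Failures are recorded as empty sets."""
    out = {}
    for name in names:
        try:
            infos = socket.getaddrinfo(name, None, socket.AF_INET)
            out[name] = {info[4][0] for info in infos}
        except socket.gaierror:
            out[name] = set()
    return out


# Constructed samples using documentation address ranges, not real captures.
HEALTHY = {
    "example.com": {"192.0.2.10"},
    "example.net": {"198.51.100.20"},
    "example.org": {"203.0.113.30"},
}
SINKHOLED = {
    "example.com": {"10.0.0.1"},
    "example.net": {"10.0.0.1"},
    "example.org": {"10.0.0.1"},
}

if __name__ == "__main__":
    for label, sample in (("healthy", HEALTHY), ("sinkholed", SINKHOLED)):
        print(label, "->", detect_sinkhole(sample))
    # On a real network you would instead run:
    # print(detect_sinkhole(collect_resolutions(CANARY_NAMES)))
```

The threshold of three names is deliberate: two unrelated names sharing an address happens legitimately behind CDNs, so the check only fires when the pattern is broad. It is a heuristic, not proof; a captive portal on a hotel network produces the same pattern, so the right response is to withhold credentials and verify the network out of band rather than to treat the result as an alarm on its own.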

Thanks

This is what I did a while ago.

Change as you please; this forwards traffic to the internet through your PC.
Replace wlan0 with eth0 if you have a hard-wired net connection. This is something I have done in BackTrack; since then I moved on to the new Kubuntu 8.1, in which I will be using dnsmasq. The principles are the same.

The redirected web page contains both the instruction to upgrade Java and the SMB relay exploit; whichever we get first is great. I was thinking along the karmetasploit route of multiple exploits, but that would be too noticeable with the page clicks.

I intend to have this up and running by next week, provided there are no major problems.
Once we sort the manual steps out we can then automate the whole thing at a later stage.

Wow guys, this is an awesome thread! I've been trying to accomplish this very same thing for a while now.
Create a transparent evilgrade+karmetasploit AP that spoofs the original AP, hit the real AP with a DoS attack and force a reconnect to your fake AP. Once they are surfing over your connection you have so many options for getting a shell it would seem impossible not to be able to get one, even on a fully updated box.

I have integrated karmetasploit with DNS spoofing and evilgrade already, but getting the DHCP service running correctly was my only obstacle. Now that some posters have graciously explained how to do this, I am hoping to be able to get everything working as planned. I will try this as soon as possible and report back to let you know how it's going!

Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."